If you have difficulty in submitting comments on draft standards you can use a commenting template and email it to admin.start@bsigroup.com. The commenting template can be found here.

We use cookies to give you the best experience and to help improve our website

Find out what cookies we use and how to disable them

IST/33/5 - Identity Management and Privacy Technologies

Sector: Governance & Resilience

Categories: | Information technology applications. General | Information technology. | Management. Human resources | IT applications. Other | Certification. Conformity assessment | Information coding. Character sets | | Law. Administration | | Identification cards and related devices | Information technology. General | Telecontrol. Telemetering | Company organization and management. General

Overview: Under the direction of IST/33, is responsible for the UK input to ISO/IEC JTC 1/SC 27/WG 5 and CEN/CLC/JTC 13/WG 5 whose  scope covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics, privacy and the protection of personal data.  The scope also includes the preparation, publication, review and revision of relevant British standards.

Committee standards activity

In Progress (25)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC/TS 27568 Security and privacy of digital twins

Categories: Unclassified documents

Drafting begins : 2026-03-17 		Drafting
PD CEN/TR 18241 Privacy management in products and services - Biometric access control products and services

Categories: Unclassified documents

Approval begins : 		Approval
ISO/IEC NP 27566-2 Age assurance systems — Part 2: Technical approaches and guidance for implementation

Categories: Information management | Standardization. General rules

Proposal begins : 2024-07-12 		Proposal
BS ISO/IEC 29134:2023 Information technology. Security techniques. Guidelines for privacy impact assessment

Categories:

Approval begins : 2023-05-22 		Approval
BS ISO/IEC 29100:2024 Information technology. Security techniques. Privacy framework

Categories:

Approval begins : 2024-02-22 		Approval
BS ISO/IEC 24760-2:2025 Information security, cybersecurity and privacy protection. A framework for identity management —. Part 2: Reference architecture and requirements

Categories:

Approval begins : 2025-07-23 		Approval
BS EN ISO/IEC 29151 Information security, cybersecurity and privacy protection – Controls, requirements, and guidance for personally identifiable information protection

Categories:

Comment resolution begins : 2026-01-16 		Comment resolution
BS EN ISO/IEC 29146:2024 Information technology. Security techniques. A framework for access management

Categories:

Approval begins : 2024-01-29 		Approval
BS EN ISO/IEC 29115 Information technology — Security techniques — Entity authentication assurance framework

Categories:

Drafting begins : 2026-01-07 		Drafting
BS EN ISO/IEC 27701:2021 Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines

Categories:

Approval begins : 2021-04-29 		Approval
Published (29)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TS 29003:2018 Information technology. Security techniques. Identity proofing

Categories:

Published standard begins : 2018-04-04 		Published standard
PD ISO/IEC TS 27570:2021 Privacy protection. Privacy guidelines for smart cities

Categories:

Published standard begins : 2021-02-09 		Published standard
PD ISO/IEC TS 27564:2025 Privacy protection. Guidance on the use of models for privacy engineering

Categories:

Published standard begins : 2025-09-25 		Published standard
PD ISO/IEC TS 27560:2023 Privacy technologies. Consent record information structure

Categories:

Published standard begins : 2023-09-06 		Published standard
PD ISO/IEC TR 27563:2023 Security and privacy in artificial intelligence use cases. Best practices

Categories: Information technology. General

Published standard begins : 2023-06-07 		Published standard
PD CEN/CLC/TS 17880:2022 Protection Profile for Smart Meter. Minimum Security requirements

Categories: Telecontrol. Telemetering | | IT applications. Other

Published standard begins : 2023-03-13 		Published standard
PD CEN/CLC/TR 17919:2023 Data protection and privacy by design and by default. Technical Report on applicability to the videosurveillance industry. State of the art

Categories:

Published standard begins : 2023-03-13 		Published standard
BS ISO/IEC 29190:2015 Information technology. Security techniques. Privacy capability assessment model

Categories:

Published standard begins : 2015-08-19 		Published standard
BS ISO/IEC 29115:2013 Information technology. Security techniques. Entity authentication assurance framework

Categories:

Published standard begins : 2013-04-10 		Published standard
BS ISO/IEC 27561:2024 Information security, cybersecurity and privacy protection. Privacy operationalisation model and method for engineering (POMME)

Categories:

Published standard begins : 2024-05-21 		Published standard
Withdrawn (14)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
BS ISO/IEC 29184:2020 Information technology. Online privacy notices and consent

Categories:

Withdrawn begins : 2023-07-24 		Withdrawn
BS ISO/IEC 29151:2017 Information technology. Security techniques. Code of practice for personally identifiable information protection

Categories:

Withdrawn begins : 2022-09-16 		Withdrawn
BS ISO/IEC 29146:2016 Information technology. Security techniques. A framework for access management

Categories:

Withdrawn begins : 2022-11-02 		Withdrawn
BS ISO/IEC 29134:2017 Information technology. Security techniques. Guidelines for privacy impact assessment

Categories:

Withdrawn begins : 2020-04-09 		Withdrawn
BS ISO/IEC 29101:2013 Information technology. Security techniques. Privacy architecture framework

Categories:

Withdrawn begins : 2018-11-30 		Withdrawn
BS ISO/IEC 29100:2011+A1:2018 Information technology. Security techniques. Privacy framework

Categories:

Withdrawn begins : 2020-07-09 		Withdrawn
BS ISO/IEC 29100:2011 Information technology. Security techniques. Privacy framework

Categories:

Withdrawn begins : 2018-07-31 		Withdrawn
BS ISO/IEC 27701:2019 Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines

Categories:

Withdrawn begins : 2021-05-05 		Withdrawn
BS ISO/IEC 27555:2021 Information security, cybersecurity and privacy protection. Guidelines on personally identifiable information deletion

Categories:

Withdrawn begins : 2025-04-02 		Withdrawn
BS ISO/IEC 27018:2014 Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

Categories: |

Withdrawn begins : 2019-01-24 		Withdrawn